
Sandboxing/resource limits

Open 8573 opened this issue 7 years ago • 4 comments

Look into what rink has.

8573 avatar Jun 04 '17 01:06 8573

My latest work on this, using Servo's gaol library, is in the wip/sandbox/gaol/1 branch.

Patrick Walton says that I will need to use both of gaol's Sandbox and ChildSandbox mechanisms for this to work. I'm not sure that's feasible with my current architecture; specifically, gaol seems to be intended for programs and to need an executable program to sandbox, whereas irc-bot is intended as merely a library.

8573 avatar Jan 15 '18 23:01 8573

I guess I think of irc-bot no longer as a library to be used in arbitrary other crates but now rather as a framework specifically for writing IRC bots that would have a suitable executable, and indeed I for some time have assumed that I eventually will want to have the network-facing and command-handling parts of bots in one (restricted) process and other functions, such as writing to a database, in another process.

8573 avatar Jun 16 '19 02:06 8573

If I do use gaol, gating it behind a check for the availability of user namespaces might be prudent: https://github.com/servo/gaol/issues/41.

8573 avatar Jun 16 '19 03:06 8573
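
Added example, not part of the original thread and not code from irc-bot or gaol: one way a bot executable could run the user-namespace availability check suggested above before enabling a sandbox. The names `UserNs`, `evaluate` and `probe` are hypothetical. The procfs paths are Linux kernel interfaces (`unprivileged_userns_clone` exists only on Debian/Ubuntu-patched kernels), and the result is a preflight heuristic, so sandbox setup can still fail later and that failure must be handled too.

```rust
use std::fs;

#[derive(Debug, PartialEq)]
pub enum UserNs {
    Available,
    Unavailable(&'static str),
}

/// Pure decision over the probe results, so it can be tested without procfs.
/// `None` means the sysctl file is absent (older or unpatched kernel).
pub fn evaluate(ns_link: bool, max_user_ns: Option<&str>, unpriv_clone: Option<&str>) -> UserNs {
    if !ns_link {
        return UserNs::Unavailable("kernel has no user namespace support");
    }
    if let Some(s) = max_user_ns {
        match s.trim().parse::<u64>() {
            Ok(0) => return UserNs::Unavailable("user.max_user_namespaces is 0"),
            Ok(_) => {}
            // Fail closed: an unreadable limit is treated as "not available".
            Err(_) => return UserNs::Unavailable("cannot parse user.max_user_namespaces"),
        }
    }
    if let Some(s) = unpriv_clone {
        if s.trim() == "0" {
            return UserNs::Unavailable("kernel.unprivileged_userns_clone is 0");
        }
    }
    UserNs::Available
}

/// Reads the real procfs entries on the running system.
pub fn probe() -> UserNs {
    let read = |p: &str| fs::read_to_string(p).ok();
    let ns_link = fs::symlink_metadata("/proc/self/ns/user").is_ok();
    let max = read("/proc/sys/user/max_user_namespaces");
    let clone = read("/proc/sys/kernel/unprivileged_userns_clone");
    evaluate(ns_link, max.as_deref(), clone.as_deref())
}

fn main() {
    match probe() {
        UserNs::Available => println!("user namespaces look usable; sandbox can be enabled"),
        // The caller decides policy here: refuse to start, or run with reduced features.
        UserNs::Unavailable(why) => eprintln!("sandbox gate closed: {}", why),
    }
}
```
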

Note to self: See also my conversation with eternaleye, FrozenFox, and danopia in #robigalia starting at 2019-06-16 02:49:12Z.

8573 avatar Jun 16 '19 03:06 8573